A Russian telecom company known as Protei, which develops technology enabling phone and internet providers to conduct web surveillance and censorship, was hacked. The breach involved the defacement of its website and the theft of data from its servers.
Protei was founded in Russia and creates telecommunications systems for phone and internet providers in dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and many nations in central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions. It also provides surveillance equipment and web-filtering products, such as deep packet inspection systems.
The exact timing and method of the hack are not known. However, an archived copy of the company’s website shows it was defaced on November 8. The site was restored shortly after the incident.
During the breach, the hacker obtained the contents of Protei’s web server, amounting to approximately 182 gigabytes of files. This data included emails dating back several years.
A copy of the stolen Protei data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest. Their collections often include data from law enforcement, government agencies, and companies within the surveillance industry.
Mohammad Jalal, the managing director of Protei’s branch in Jordan, did not respond to a request for comment regarding the breach. The identity and motivations of the hacker remain unknown. The defaced website displayed a message that read, “another DPI/SORM provider bites the dust.” This message is a likely reference to the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM.
SORM is the primary lawful intercept system used across Russia and in several other countries that utilize Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their governments to obtain the contents of calls, text messages, and the web browsing data of their customers.
Deep packet inspection devices enable telecom companies to identify and filter web traffic based on its source, such as a social media website or a specific messaging app, and then selectively block access. These systems are frequently used for surveillance and censorship in regions where freedom of speech and expression are limited.
In a 2023 report, The Citizen Lab revealed that the Iranian telecom giant Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites. Documents published by The Citizen Lab show that Protei promoted its technology’s ability to restrict or block website access for specific individuals or entire segments of a population.